CVE-2010-5298
Published 2014-04-14
Severity: medium, 4 (CVSS 3.1)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1g-3 (bookworm) | openssl 1.0.1g-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.13 | 10.0.13 |
| openssl | openssl | <= 1.0.1g | — |
| openssl | openssl | >= 0 < 1.0.1g-3 | 1.0.1g-3 |
| openssl | openssl | >= 0 < 1.0.1g-3 | 1.0.1g-3 |
| openssl | openssl | >= 0 < 1.0.1g-3 | 1.0.1g-3 |
| openssl | openssl | >= 0 < 1.0.1g-3 | 1.0.1g-3 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.1 | 1.0.1f-1ubuntu2.1 |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 4.0 | MEDIUM | AV:N/AC:H/Au:N/C:N/I:P/A:P |
| osv | 4.0 | MEDIUM | — |